The book is laid out in 13 chapters:
Chapter 1: Ethical Hacking Overview
Chapter 2: TCP/IP Review
Chapter 3: Network & Computer Attacks
Chapter 4: Footprinting and Social Engineering
Chapter 5: Port Scanning
Chapter 6: Enumeration
Chapter 7: Programming for Security Professionals
Chapter 8: Microsoft Operating System Vulnerabilities
Chapter 9: Linux Operating System Vulnerabilities
Chapter 10: Hacking Web Servers
Chapter 11: Hacking Wireless Networks
Chapter 12: Cryptography
Chapter 13: Protecting Networks with Security Devices
Chapter 1: I thought the author did very well in giving an introduction to the field of penetration testing. He gave a good view of what ethical hacking is all about. He talked about penetration testing methodologies, certifications one should opt for if trying to get into the field, went over how a pen tester should define the scope (Rules of Engagement) & included various federal laws one should take into account before considering this path. After reading chapter 1 I felt he had done a pretty good job introducing the reader to the field.
In Chapter 2 the author ended up covering the binary, hexadecimal & octal numbering systems, along with IP addressing schemes, TCP flags, ISNs, ports, & talked about 4 layers (which, as he mentioned, were the Internet, Application, Network & Transport layers). He also introduced the 3-way handshake, which is always useful to know about. I felt he did a fair job on this chapter, except he had the SYN flag as Synthesis instead of Synchronize, so it left me with a feeling like, "I thought it was Synchronize, not Synthesis?" Writers are human too; I was just really surprised he didn't catch that.
Chapter 3 was called Network & Computer Attacks, & it was basically written to let the reader muster: "This is what a trojan is", "This is what adware is", "This is what a DDoS attack is", "Keylogger, buffer overflow, etc." Ultimately, at the end of this chapter I was left with a feeling like, "Why didn't the author go more in depth about buffer overflows? These are one of the largest attack vectors of today!"
Chapter 4 was a short and quick introduction to social engineering & reconnaissance. Common tools and techniques were introduced, like Paros Proxy, the dig & host commands, banner grabbing, DNS zone transfers, etc., but the author kept it pretty basic in introducing the functionality of all of these. I thought this chapter was sort of lame because I was expecting him to mention how search engines play a role in gathering intel, along with sites like 411, social networking sites, etc. He did introduce basic skills like piggybacking, dumpster diving & shoulder surfing, but what I was looking for was more of a, "Can you give a good example you've used that has actually worked?"
Chapter 5 was about port scanning, and it honestly wouldn't have been about port scanning if the author hadn't mentioned nmap. In this chapter the author talked about tools like nmap (and provided in detail what goes on to get the results of SYN scans, FIN scans, XMAS scans, etc.), hping & fping, Nessus, Unicornscan, & covered some quick bash scripting on how to look for live hosts on the network. Overall, this was a pretty good chapter; I was happy he didn't mention a crappy port scanner I hadn't heard about.
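Since both the TCP/IP review (flags, ISNs, the 3-way handshake) and the port scanning chapter come down to which flag bits a segment carries, here is an added example, in Python, that is not code from the book or its author: it packs and parses the 20-byte TCP header per RFC 793, checks the ISN/acknowledgement arithmetic of a handshake, and names a probe the way a SYN/FIN/NULL/XMAS scanner would, along with the reply an RFC 793-compliant stack would give. All segments are constructed in the file, not captured traffic.

```python
"""Added example (not from the book): TCP flags, 3-way handshake checks and scan probes.

Header layout and flag bits follow RFC 793 (CWR/ECE from RFC 3168). The
segments built below are constructed sample data, not captured packets.
"""
import struct

# Bits of the 8-bit flags field. SYN means "synchronize" (sequence numbers).
TCP_FLAGS = {
    "CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
    "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01,
}


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (no options; checksum left as 0)."""
    flags_byte = 0
    for name in flags:
        flags_byte |= TCP_FLAGS[name]
    data_offset = 5 << 4  # 5 x 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags_byte, window, 0, 0)


def parse_tcp_header(segment):
    """Unpack the fixed header; 'flags' is the set of flag names that are set."""
    if len(segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, seq, ack, off, flags_byte = struct.unpack("!HHIIBB", segment[:14])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (off >> 4) * 4,
        "flags": frozenset(n for n, bit in TCP_FLAGS.items() if flags_byte & bit),
    }


def check_handshake(syn, synack, ack):
    """Validate the flags and sequence arithmetic of a 3-way handshake.

    Returns (True, "ok") or (False, reason). The SYN consumes one sequence
    number, so each side must acknowledge the peer's ISN + 1.
    """
    s1, s2, s3 = (parse_tcp_header(x) for x in (syn, synack, ack))
    if s1["flags"] != {"SYN"}:
        return False, "step 1 must carry SYN only"
    if s2["flags"] != {"SYN", "ACK"}:
        return False, "step 2 must carry SYN+ACK"
    if "ACK" not in s3["flags"] or "SYN" in s3["flags"]:
        return False, "step 3 must carry ACK without SYN"
    if s2["ack"] != (s1["seq"] + 1) & 0xFFFFFFFF:
        return False, "server did not acknowledge client ISN + 1"
    if s3["ack"] != (s2["seq"] + 1) & 0xFFFFFFFF:
        return False, "client did not acknowledge server ISN + 1"
    if s3["seq"] != (s1["seq"] + 1) & 0xFFFFFFFF:
        return False, "client ACK does not continue from its ISN + 1"
    return True, "ok"


# Scanner names for the flag combinations an unsolicited probe carries.
PROBE_NAMES = {
    frozenset({"SYN"}): "SYN (half-open) scan",
    frozenset({"ACK"}): "ACK scan",
    frozenset({"FIN"}): "FIN scan",
    frozenset(): "NULL scan",
    frozenset({"FIN", "PSH", "URG"}): "XMAS scan",
}


def classify_probe(segment):
    return PROBE_NAMES.get(parse_tcp_header(segment)["flags"], "other")


def expected_reply(segment, port_open):
    """Reply of an RFC 793-compliant stack to a probe: 'SYN+ACK', 'RST' or 'none'.

    Open ports answer SYN with SYN+ACK and silently drop FIN/NULL/XMAS probes;
    closed ports answer all of these with RST. (Windows stacks send RST to
    FIN/NULL/XMAS on open ports too, so those scans cannot distinguish there.)
    """
    flags = parse_tcp_header(segment)["flags"]
    if "RST" in flags:
        return "none"
    if flags == {"SYN"}:
        return "SYN+ACK" if port_open else "RST"
    if flags in (frozenset(), frozenset({"FIN"}), frozenset({"FIN", "PSH", "URG"})):
        return "none" if port_open else "RST"
    return "RST"  # an unsolicited ACK (ACK scan) draws RST whether open or closed


if __name__ == "__main__":
    client_isn, server_isn = 1000, 5000  # constructed ISNs
    seg1 = build_tcp_header(40000, 80, client_isn, 0, {"SYN"})
    seg2 = build_tcp_header(80, 40000, server_isn, client_isn + 1, {"SYN", "ACK"})
    seg3 = build_tcp_header(40000, 80, client_isn + 1, server_isn + 1, {"ACK"})
    print(check_handshake(seg1, seg2, seg3))
    xmas = build_tcp_header(40000, 22, 7, 0, {"FIN", "PSH", "URG"})
    print(classify_probe(xmas), expected_reply(xmas, port_open=True))
```

The `expected_reply` table is why a FIN or XMAS scan gives "open|filtered" rather than "open" on a scanner: silence from the target is the same whether the port is open or a firewall dropped the probe.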
Chapter 6 was all about enumeration. The author introduced some basic enumeration tools like NBTScan, nbtstat, DumpSec, Hyena & finger (oh yeah!). He also talked a little bit about null sessions and gave examples of how an attacker could access shares on a network. I was displeased because he failed to mention service enumeration with nmap in this chapter, along with the VRFY, etc. commands you could run on alternate ports to check if certain users exist. I was in a way displeased with this chapter because I felt he left out some good information.
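For the user enumeration the reviewer wanted to see, here is an added example in Python that is not from the book: it runs the SMTP VRFY exchange and reads the reply code, treating 250/251 as a confirmed mailbox, 550/551 as unknown, 252 as "server won't confirm" and 500/502 as the command being disabled (the two answers a hardened MTA gives). The mail server it talks to is a constructed stand-in so the file runs offline; `enumerate_over_tcp` does the same thing against a real host and port, which should only be one you are authorised to test.

```python
"""Added example (not the book's code): SMTP VRFY user enumeration.

The wordlist and the FakeSmtpServer are constructed for this example; the
reply codes follow RFC 5321 section 3.5.
"""
import socket

CANDIDATES = ["root", "postmaster", "alice", "bob", "nobodyhere"]  # constructed list


def classify_reply(code):
    """Map a VRFY reply code to a verdict."""
    if code in (250, 251):
        return "exists"
    if code == 252:
        return "unverifiable"      # server will accept mail but refuses to confirm
    if code in (550, 551):
        return "no such user"
    if code in (500, 502):
        return "vrfy disabled"
    return "unexpected %d" % code


def read_reply(readline):
    """Read one (possibly multi-line) SMTP reply; return (code, text lines)."""
    lines = []
    while True:
        raw = readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":       # "250 " ends the reply, "250-" continues it
            return int(line[:3]), lines


def enumerate_users(readline, sendline, candidates, helo="probe.example"):
    """HELO, then VRFY each candidate; returns {user: verdict}.

    Stops after the first reply showing the server will not confirm anything,
    so a hardened MTA is not hammered with a whole wordlist.
    """
    code, _ = read_reply(readline)                  # 220 banner
    if code != 220:
        raise ConnectionError("unexpected banner %d" % code)
    sendline("HELO %s" % helo)
    code, _ = read_reply(readline)
    if code != 250:
        raise ConnectionError("HELO rejected with %d" % code)
    results = {}
    for user in candidates:
        sendline("VRFY %s" % user)
        code, _ = read_reply(readline)
        results[user] = classify_reply(code)
        if results[user] in ("vrfy disabled", "unverifiable"):
            break
    sendline("QUIT")
    read_reply(readline)                            # 221
    return results


def enumerate_over_tcp(host, port, candidates, timeout=5.0):
    """Same procedure over a real TCP connection (port 25, 587 or an alternate)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rw", encoding="ascii", newline="")

        def sendline(line):
            f.write(line + "\r\n")
            f.flush()

        return enumerate_users(f.readline, sendline, candidates)


class FakeSmtpServer:
    """Constructed stand-in for an MTA so the example runs offline."""

    def __init__(self, users, vrfy_mode="on"):
        self.users, self.vrfy_mode = set(users), vrfy_mode
        self.outgoing = ["220 mail.example ESMTP ready\r\n"]
        self.log = []                               # commands the client sent

    def readline(self):
        return self.outgoing.pop(0) if self.outgoing else ""

    def sendline(self, line):
        self.log.append(line)
        verb, _, arg = line.partition(" ")
        if verb == "HELO":
            self.outgoing.append("250 mail.example\r\n")
        elif verb == "VRFY":
            if self.vrfy_mode == "disabled":
                self.outgoing.append("502 5.5.1 VRFY command is disabled\r\n")
            elif self.vrfy_mode == "unverifiable":
                self.outgoing.append("252 2.5.2 Cannot VRFY user\r\n")
            elif arg in self.users:
                self.outgoing.append("250 2.1.5 %s <%s@mail.example>\r\n" % (arg, arg))
            else:
                self.outgoing.append("550 5.1.1 %s... User unknown\r\n" % arg)
        elif verb == "QUIT":
            self.outgoing.append("221 2.0.0 Bye\r\n")


if __name__ == "__main__":
    srv = FakeSmtpServer(["root", "postmaster", "alice"])
    print(enumerate_users(srv.readline, srv.sendline, CANDIDATES))
```

The defensive side is the mirror image: an MTA that answers 252 or 502 to every VRFY (and EXPN) leaks nothing, which is why the verdicts "unverifiable" and "vrfy disabled" end the loop.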
Chapter 7 was entitled Programming for Security Professionals. Being interested in programming, I was looking forward to this chapter. In this chapter Michael just ended up talking about the basic programming syntax of Perl, C & HTML. I was also displeased with this chapter simply because it left you feeling like, "He didn't talk about Python, or bash? Why do ethical hackers choose C & Perl?" The chapter kind of leaves you hanging; it's like he was talking about going on from enumeration, then he turns into an introductory C, Perl & HTML teacher & doesn't even talk about hacking in this chapter.
Chapter 8 was all about Microsoft Operating System Vulnerabilities. He talked about tools you could run on your own computer to check for vulns, like Microsoft Baseline Security Analyzer & HFNetChk. He also talked a little bit about NetBIOS, RPC, SMB, Samba, CIFS, patching, and passwords and authentication. What I didn't like about this chapter was that the author went over null sessions again & randomly put in a whole write-up on "Passwords and Authentication" as if it's based directly on Windows OS vulnerabilities. Surely it relates, but I felt his idea of enforcing strong password policies should be applied across operating systems in general. I don't see how relevant it was to stick Passwords & Authentication into this chapter specifically; it just sort of seemed out of place. A positive about this chapter, though, was that he did introduce the reader to SQL Server Agent, extended stored procs & the SA account.
Chapter 9 was entitled Linux Operating System Vulnerabilities and, as enticing as it sounds, the author really failed to deliver in this chapter. The only thing I found useful and learned in this chapter was that he talked about the Linux directory structure. He introduced basic shell commands, but this chapter was so lamely put together overall that he ended up repeating footprinting in this chapter, and social engineering in a section he called "Using Social Engineering to Attack Remote Systems". What I found really lame about this chapter was that he failed to mention what the bad guys are after: /etc/shadow. He also failed to mention privilege escalation & randomly threw in an introduction to packet sniffers in this chapter, as if packet sniffers don't work on Windows. I honestly don't think the guy had enough information in this chapter to call it a "Linux Operating System Vulnerabilities" chapter. He re-covered buffer overflows in a more in-depth way, but failed to mention how the shellcode differs between OSes (I don't do exploit development, but I'm thinking it does).
Chapter 11 was about Hacking Wireless Networks. Of course, to be able to break into wireless networks you should know a few things about them. In this chapter the author went through a brief overview of the 802.11 standard, wireless technologies, authentication schemes (like EAP, PPP) & talked about WPA & WEP. He also gave a brief introduction to NetStumbler, Kismet, WEPCrack & AirSnort. I thought he did a pretty good job teaching a lot of the wireless concepts but didn't do a good job explaining the attack process. He failed to mention all the different types of attacks you could perform when attempting to break WEP & offered somewhat weak countermeasures to help defend against wireless attacks. One was: "If you use WEP, consider using 104-bit encryption rather than 40-bit encryption. If possible, replace WEP with WPA...". How about not using WEP at all? In today's world a 128-bit WEP key can be cracked in under 5 minutes with ease. He also failed to mention that it's useful to keep router firmware upgraded, and what information is sent in clear text that can be grabbed if you're connected to a rogue access point. To me, this would've been a good place to throw packet sniffers in, because although they don't relate to wireless hacking in particular, it's typical for people to run sniffers on their laptops to pick up user credentials (especially these days).
Chapter 12 was all about cryptography & was a positive chapter. Of course the history of cryptography, along with plaintext, ciphertext & symmetric & asymmetric algorithms, was discussed. It also talked about authenticity, nonrepudiation & a whole lot more that you'd expect to see on a Security+ exam. This chapter had a lot of information in it and it's probably one I need to go back to, since it's crammed with a lot. The author knew what he was talking about in this one by far. There were also some activities in this chapter, like using Hotmail & PGP, creating your own cipher key & a couple more. Simpson (the author) also introduced password cracking & tools like John the Ripper, Hydra, L0phtCrack & pwdump.
Lastly (if you've actually read through all of it I bet you're going, "Finally!"), chapter 13 was called Protecting Networks with Security Devices. This chapter managed to cover Cisco router configurations, as well as some command-line work in dealing with these, Access Control Lists, Network Address Translation (NAT), Stateful Packet Inspection (SPI), firewalls, packet filtering, DMZs, Microsoft's ISA Server, network IDSs & host-based IDSs & honeypots (it failed to talk about honeynets, though). This chapter was pretty decent & the activities ranged from examining an open-source honeypot to creating standard and extended IP access lists.
In conclusion, the book was decent. I was amazed that the author didn't cover how to use the tools much; he sort of just mentioned them and left a reference for the reader to go off and study on their own time. The last chapter ends on page 345 and it's a 460+ page book; toward the back it's filled with useful reference material like penetration testing documentation, a sample report, etc. Overall, being familiar with BackTrack, I found the book coming with a Linux distro pretty lame. I guess I should take into account that the book is a few years old, but overall it was decent. I'd recommend it possibly to beginners if they have the money. I've heard positive things about Counter Hack Reloaded; maybe you'd get a bit more out of reading that. This book has its positives and negatives. I've mentioned a few of its negatives, but a good positive about it is that it offers activities for you to do step by step so you can pick up & retain the information you read. I think that's probably why teachers teach it. I hope my review was somewhat helpful; thanks for reading.